Commands

Commands is a cyberweapon developed entirely by Fluid Attacks
for in-depth penetration of workstations and critical servers
during Pentesting in One-Shot Hacking
when its use is authorized.

Purpose

We are not only interested in finding vulnerabilities,
but also in demonstrating to the client the potential risks
and direct impact these vulnerabilities can have on their business.
To do this we must have control of multiple critical systems
in order to create a network of infected nodes
that we control to obtain sensitive information
or further infect other nodes.

How we do it

In order to use FLUIDCommands,
first we need administrative access to the vulnerable system.
We achieve this through the manual tests executed by our experts.
Once we have administrative access
we can proceed to remotely infect the first machine.
With the first machine compromised and under our control,
we can expand and infect other connected nodes or focus on this first machine.
If we focus on the first infected machine
we can do an in-depth search looking for sensitive information
or new and bigger attack vectors.

Zero Collateral Damage

It is important to note that the Commands cyberweapon
is never installed on the vulnerable system as a service
or as an automatically running task.
Once all tests have concluded
it is remotely uninstalled
without leaving any trace or collateral damage.

Command and Control Center

FLUIDCommands uses a Command and Control Center
from which we can send orders, or commands, to our botnet of infected nodes.
The Command and Control Center communicates with all infected nodes
through a reverse proxy using ICMP,
always giving us full control over our cyberweapon.
With only one infected node,
commands can spread remotely to neighboring systems.

Capture Feature

Screenshot: Through the scr command we can take a screen capture
of the infected machine without alerting the victim.

Audio capture: Using the mic command we can open the machine's microphone
and capture live audio.

Keylogger: The keylog command allows us to capture
and log all keystrokes in order to obtain sensitive data,
such as credentials or credit card info.

exec Feature

This feature allows us to remotely execute any command available
through cmd on the infected machine.

echo Feature

This command is used to test the connection and ensure
we have control of the infected node.
It echoes back whatever we pass to it.

Detection Evasion

Our cyberweapon avoids being detected
by all AntiX and SOC controls
by masking all requests and commands
under a familiar and trusted protocol.
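
A defender-side check for the ICMP channel described under Command and Control Center and Detection Evasion, as an added example that is not Fluid Attacks' code. The page does not say how FLUIDCommands encodes data in ICMP, so the checks below are generic ones for misuse of ICMP echo; the size threshold, function names and sample traffic are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0
MAX_BENIGN_PAYLOAD = 64  # assumed threshold; default pings carry 32 (Windows) or 56 (Linux) bytes

def parse_icmp(raw):
    """Split a raw ICMP message into (type, identifier, sequence, payload)."""
    if len(raw) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, _code, _checksum, ident, seq = struct.unpack("!BBHHH", raw[:8])
    return icmp_type, ident, seq, raw[8:]

def analyse(packets):
    """packets: iterable of (src, dst, raw_icmp). Returns {host pair: set of findings}."""
    findings = defaultdict(set)
    pending = {}  # (requester, responder, id, seq) -> payload of the outstanding request
    for src, dst, raw in packets:
        pair = tuple(sorted((src, dst)))
        try:
            icmp_type, ident, seq, payload = parse_icmp(raw)
        except ValueError:
            findings[pair].add("malformed")
            continue
        if icmp_type not in (ECHO_REQUEST, ECHO_REPLY):
            continue
        if len(payload) > MAX_BENIGN_PAYLOAD:
            findings[pair].add("oversized_payload")
        if icmp_type == ECHO_REQUEST:
            pending[(src, dst, ident, seq)] = payload
            continue
        sent = pending.pop((dst, src, ident, seq), None)
        if sent is None:
            findings[pair].add("unsolicited_reply")
        elif sent != payload:  # RFC 792: a reply must return the request's data unchanged
            findings[pair].add("reply_payload_mismatch")
    return dict(findings)

def echo(icmp_type, ident, seq, payload):  # constructed message; checksum left 0, not verified
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload

WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32-byte payload sent by Windows ping
SAMPLE = [  # constructed traffic, not captured from any real host
    ("10.0.0.5", "10.0.0.1", echo(ECHO_REQUEST, 1, 1, WINDOWS_PING)),
    ("10.0.0.1", "10.0.0.5", echo(ECHO_REPLY, 1, 1, WINDOWS_PING)),
    ("10.0.0.9", "203.0.113.7", echo(ECHO_REQUEST, 7, 1, b"A" * 16)),
    ("203.0.113.7", "10.0.0.9", echo(ECHO_REPLY, 7, 1, b"B" * 200)),
    ("203.0.113.7", "10.0.0.9", echo(ECHO_REPLY, 7, 2, b"C" * 16)),
]
```

Calling analyse(SAMPLE) leaves the ordinary ping exchange unflagged and reports all three findings for the second host pair.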